Teenager Charged With Creating Sasser

Prosecutors in Verden, Germany, indicted an 18-year-old student this week for allegedly creating the Sasser worm that crashed hundreds of thousands of computers worldwide after spreading at lighting speed over the Internet.

In their 77-page indictment, prosecutors in the northern German town charged the suspect, Sven Jaschan, with computer sabotage, data manipulation, and disruption of public systems.

Informants, seeking a $250,000 reward from Microsoft, tipped off the U.S. software giant to Jaschan.

He was arrested on May 7 after confessing to German crime officials that he originally wanted to create a virus, Netsky, to remove two other viruses, MyDoom and Bagle, from infected computers. After developing several versions of Netsky, he created Sasser, according to the officials.

Sasser's Spread

Sasser didn't require users to receive an e-mail message or open a file to be infected. Instead, just having a vulnerable Windows machine connected to the Internet was enough to get infected.

Sasser exploited a hole in a component of Windows called the Local Security Authority Subsystem Service, or LSASS. On April 13, Microsoft had released a software patch, MS04-011, which plugs the LSASS hole, but many companies and individuals had not installed it in time to prevent the Sasser worm affecting their systems.

The indictment papers list 173 witnesses. Prosecutors say 143 victims had filed charges, claiming damages of $158,000.

But because many businesses and individuals seldom report such damages, the actual figure could be in the millions, a spokesperson at the Verden prosecutors' office says.

Computer sabotage carries a maxim sentence of 5 years, according to the spokesperson. "But considering that this young person had no previous criminal offenses, a 5-year sentence is illusionary," he says.

A date for the trial has yet to be set, the spokesperson says.

Subscribe to the Security Watch Newsletter

Comments